Dependability Analysis Using SAM Tianjun Shi, Xudong He School of Computer Science Florida International University {tshi01, hex}@cs.fiu.edu
Goal & Method � Goal � Enable the Software Architecture Model (SAM) to model and analyze both functional properties and common non-functional properties � Method � Extend SAM with stochastic constructs � Transform SAM model to SRN model 2
The SAM Model � A SAM model: { C, h } � A set of compositions C = { C 1 , C 2 , … , C k } � A hierarchical mapping h relating compositions. � A composition: C i = { C m i , C n i , C s i } � C m i : a set of components � C n i : a set of connectors � C s i : a set of composition constraints � Components / Connectors: C i j = { B i j , S i j } � B i j : behavior model (a Petri net) � S i j : property specification ( a temporal logic formula) 3
The SAM model (Cont’d) A graphic view of a SAM architecture model 4
Predicate Transition Net (PrT net) � A PrT net is a class of high level Petri net, and is defined as a tuple ( N, Spec, ins ), where � N = ( P, T, F ), the net structure � Spec = ( S, OP, Eq ), the underlying specification � ins = ( ϕ , L, R, M 0 ), the net inscription associating a net element in N with its denotation in Spec . 5
Stochastic Reward Net (SRN) � SRN is an extension to Stochastic Petri Net � A firing rate for each transition, which could be marking dependent � Enabling Function for each transition � Priority for each transition � Tools for SRNs � SPNP � SMART 6
Extension on SAM � Add a stochastic construct into the behavior model expressed in a PrT net � A special variable RATE is used in the constraint of a transition to specify the firing rate. � Firing rate is not necessarily constant � Formally specify non-functional property requirements using Probabilistic real time Computation Tree Logic ( PCTL ) 7
Transformation from SAM to SRN � Unfold the behavior model to a low level Petri net. � Unfold each transition T into a set of transitions based on the set of constant substitution that satisfy the constraint of T . � Places are connected to the unfolded transitions according to the substitution. � Remove the dead transitions and combine equivalent elements if any. � Assign the firing rate to each transition based on the stochastic construct. � Solve the transformed SRN to evaluate dependability. 8
An example: the multiprocessor system M g D 11 D 12 D 1m P 1 M 1 D 21 D 22 D 2m P 2 M 2 B S n D n1 D n2 D nm P n M n 9
The behavior model of the example system P P P Pf T P T 1 i i i P S i r P GM P GMf T 2 T GM T 4 P sub P Sf r r X’ i r r r r X i r P LM P LMf T LM T 5 i i T B i P B r r r P Bf X’ P D P Df T D T 3 <i, j> <i, j> X 10
The SRN model of the example system P S P Pi P Pfi T Pi t 1i P Fi P F1 t 2 λ P t 3i P Sf t 4 P Bf P F2 t 2i P GM P GMf T GM P Dfi2 t 1 t 3 P Dfi1 λ GM T B λ B P F3 T Di1 T Di2 P LMi P LMfi T LMi λ D λ D P B P Di2 P Di1 λ LM (a) (b) 11
Analysis Results 0.80 0.70 Probability of system down 0.60 0.50 0.40 0.30 0.20 0.10 0.00 0 5000 10000 15000 20000 25000 Time (in hours) 12
Conclusion � The analysis of dependability using SRNs is not new. � Our contribution lies in incorporating stochastic information into the SAM so that both functional properties and common non-functional properties like dependability can be analyzed under a unified framework. � Developing tools to automate the transformation is being considered in our future work. 13
Recommend
More recommend
